[Samba] Samba 4.5 y opensuse42.1

Vinicius Bones Silva vbs at e-trust.com.br
Mon Oct 31 14:39:31 UTC 2016


Hi,

     The ldapsearch message is because you can't connect by plain text (-x) by default . 
Try using https, that should do it.

     Does smbclient -L SERVERDOM -U Administrator work? Or does it give 
NT_STATUS_LOGON_FAILURE as well?
     if you increase the log level, do you see "Unable to convert SID (S-1-X-XXX) at index 
X in user token to a GID." in your log files?


Em 31/10/2016 12:17, Informatico Neurodesarrollo via samba escreveu:
> Any body here?; some body can help me ?.
>
>
> T.I.A.
>
> El 25/10/16 a las 16:24, Informatico Neurodesarrollo via samba escribió:
>> Hi friends:
>> I was installed Samba4 ver 4.5 on openSuSE 42.1 Leap, the smb.conf is:
>>
>> # Global parameters
>> [global]
>>     netbios name = SERVERDOM
>>     realm = POLRMVAR.MTZ.SLD.CU
>>     workgroup = POLRMVAR
>>     dns forwarder = 10.44.0.5
>>     server role = active directory domain controller
>>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, 
>> ntp_signd, kcc
>>
>> [netlogon]
>>     path = /usr/local/samba/var/locks/sysvol/polrmvar.mtz.sld.cu/scripts
>>     read only = No
>>
>> [sysvol]
>>     path = /usr/local/samba/var/locks/sysvol
>>     read only = No
>>
>> [home]
>>     comment = Directorios Personales
>>     path = /home/usuarios
>>     read only = No
>>
>> Kerberos are work fine
>>
>> krb5.conf:
>>
>> [libdefaults]
>>     default_realm = DOMINIO.MTZ.SLD.CU
>>     dns_lookup_realm = false
>>     dns_lookup_kdc = true
>>     default_ccache_name = KEYRING:persistent:%{uid}
>>
>>
>> When I run this command while config my samba:
>>
>> #net rpc rights grant 'DOMINIO\Domain Admins' SeMachineAccountPrivilege \
>> SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege \
>> SeRemoteShutdownPrivilege -UAdministrator
>>
>> and all work fine.
>>
>> but when I run this other to check rights:
>>
>> # net rpc rights list accounts –UAdministrator
>> Enter informatico's password:
>> Could not connect to server 127.0.0.1
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>>
>> I don't know where to look?, this is Problem #1
>>
>> The other:
>>
>> server:#ldapsearch -x -h servidor -s base -D 
>> CN=Administrator,CN=Users,CN=DOMINIO,DC=MTZ,DC=SLD,DC=CU -W
>> Enter LDAP Password:
>> ldap_bind: Strong(er) authentication required (8)
>>     additional info: BindSimple: Transport encryption required.
>>
>>
>> I was looking around about the problem , I wish improve the security on my server, not 
>> lack it.
>>
>> Any suggestion are welcome.
>>
>> T.I.A
>>
>>
>

-- 

	
Vinicius Silva
SOC


BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva

	







	Smiley face

www.e-trust.com.br <http://www.e-trust.com.br/>


Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta 
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com 
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a 
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou 
informações contidas nesta mensagem não necessariamente refletem a posição oficial da 
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada 
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.

This message may contain privileged and confidential information for the use of the 
intended recipients only. If you are not an intended recipient then you should not 
disseminate, copy, or take any action based on its contents. If you have received this 
message in error then please notify E-TRUST by sending an e-mail message to 
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not 
necessarily reflect the position of E-TRUST. If this message is digitally signed, its 
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at 
www.e-trust.com.br.



More information about the samba mailing list